
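Keeping secrets secure with secret scanning

Let GitHub do the hard work of ensuring that tokens, private keys, and other code secrets are not exposed in your repository.

Who can use this feature?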

Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.

Secret scanning alerts for users are available for user-owned public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. Additionally, secret scanning alerts for users are available and in beta on user-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."

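Introduction to secret scanning

Learn how secret scanning detects secrets in existing content and new commits, helping you avoid exposing sensitive data that could be exploited.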

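Enabling secret scanning features

Learn how to enable secret scanning to detect secrets that are already visible in a repository, and how to enable push protection, which proactively prevents further secrets from leaking by blocking pushes that contain secrets.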

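Managing alerts from secret scanning

Learn how to find, evaluate, and resolve alerts for secrets stored in your repository.

Working with secret scanning and push protection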

Let GitHub do the hard work of ensuring that tokens, private keys, and other code secrets are not exposed in your repository.

Using advanced secret scanning and push protection features

Learn how to customize secret scanning to meet your company's needs.

Troubleshooting secret scanning and push protection

If you have problems with secret scanning or push protection, you can use these tips to help resolve them.

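Secret scanning partner program

As a service provider, you can partner with GitHub to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can send them to a service provider's verify endpoint.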